Universal Extract v1.6 beta Available

Submitted by jbreland on Thu, 08/09/2007 - 08:44

I made available a beta version of the upcoming v1.6 release of Universal Extractor last night. I'm not making it available through the UniExtract home page because it's only a beta; it needs a lot of testing before official release. However, if you're interested in testing some of the new features and providing feedback on your results, you can find find change details and download links in this MSFN UniExtract forum post.

Inno Setup Support Scripts Update

Submitted by jbreland on Wed, 08/08/2007 - 01:06

I just posted updates to my Inno Setup CLI Help and Modify Path Inno Setup scripts. The CLI Help is a fairly small update - it just includes updated documentation for the latest version of Inno Setup.

The ModPath update is a bit more substantial; I added the ability to add multiple directories to the system path instead of just a single directory. Usually this capability should not be necessary, but I had a need to do this for the new version of Universal Extractor that's currently in development. If you're currently using an older version of the script, though, be sure to read the updated directions. This new version is not directly compatible with older versions and requires a few small changes to your main installer script.

The updates can be downloaded from each script's home page:
Inno Setup CLI Help
Modify Path

Hurricane Katrina - Two Years Later

Submitted by jbreland on Sun, 08/05/2007 - 02:38

Time Magazine has published a very interesting article in it's August 13, 2007 edition entitled, "The Threatening Storm." It provides a detailed look a defensive reconstruction plans and efforts since the storm, and, as expected for the area, investigates many of the absurdities and political ties of the plans. It's a fascinating read.

The full article can be found here:
http://www.time.com/time/specials/2007/article/0,28804,1646611_1646683_1648904,00.html

For convenience, here's the printable version that contains the full article on a single page:
http://www.time.com/time/specials/2007/printout/0,29239,1646611_1646683_1648904,00.html

Also, in semi-related news that only present or former residents of New Orleans would like care about, I just found out that a completely new Twin Span bridge is being constructed. This bridge, part of a heavily used corridor of Interstate 10, connects Slidell to New Orleans East across Lake Pontchartrain. It was heavily damaged during Katrina, and though all four lanes have since been reopened, the westbound bridge is still utilizing temporary steel bridge spans to "fill in the gaps" where the cement spans were dislodged and destroyed, limiting traffic to only 45 MPH.

The new bridges will be a vast improvement over the current spans. They'll feature three lanes of traffic each (up from the current two-lane bottleneck) and will be set 30 ft. above the water level (up from the current 8 ft.). I know I'm a bit slow on the uptake here as initial construction apparently began on July 13, 2006 (according to the Wikipedia article, but I only just found out about it after seeing the new construction during my last trip to New Orleans.

The new eastbound bridge will be complete by 2009, with the westbound bridge following in 2011. Very cool.

Complete details can be found here:
http://www.twinspanbridge.com/

And finally, in semi-semi-related news that even fewer people will care about, the "Green Bridge" in St. Bernard Parish apparently has its own Wikipedia page:
http://en.wikipedia.org/wiki/Green_Bridge_%28New_Orleans%29

I know, this is a largely useless addendum, but I was oddly excited to come across that entry and just felt like sharing. :-)

How to Mount VMware Disk Images under Linux

Submitted by jbreland on Sun, 08/05/2007 - 00:42

Occasionally I have need to copy files to/from a VMware instance. The usual process for this would involve starting up the virtual machine, loading the OS, copying the files, then shutting it down and exiting VMware. However, this adds a lot of overhead to a simply file copy process. There are some easy to find utilities for doing this under a Windows host OS, but doing so under Linux has proved a bit more difficult. After a good bit of searching, I found this VMware forum post that suggested I could use a utility called vmware-mount.pl to achieve this.

Excellent. Of course, as with many things in Linux, it's not that easy.

To begin with, I had to track down a copy of the utility. I use (and highly recommend) the excellent free VMware Player to run my guest instances. It works like a champ, but unfortunately contains only a limited selection of support tools. To get a copy of vmware-mount.pl, you'll need to download the VMware Server package for Linux. Specifically, download the file labeled "VMware Server for Linux Binary (tar.gz)". This script may also come with VMware Workstation, but VMware Server, like the Player product, is free to download and use.

Once you've downloaded VMware Server, extract the contents of the tarball ( tar xf VMware-server-1.0.3-44356). Change to the bin/ directory, and copy vmware-mount.pl and vmware-loop to the bin/ directory of your installed copy of VMware Player. In my case, this this /opt/vmware/player/bin/. Verify that both scripts are executable (chmod a+x >files< if necessary).

That takes care of installing the necessary files. In order to use these scripts, however, you need support enabled for certain kernel features. Depending on your distribution this may already be enabled, but for troubleshooting purposes I'm including the three main options that I'm aware of:

  • Loopback device support (allows mounting of file objects as block devices):
    Device Drivers -> Block devices -> Loopback device support
  • Network block device support (not sure exactly what this does, but it's necessary):
    Device Drivers -> Block devices -> Network block device support
  • Filesystem support for guest OS partition(s) (eg., FAT32 or NTFS for Windows partitions, etc.)
    File systems -> DOS/FAT/NT Filesystems -> VFAT (substitute for needed filesystems)

Note: all of these options can be compiled as modules if preferred.

Now, time to test the script. From the command line, change to a directory containing a VMware disk image (*.vmdk file). Issue the following command (substituting the name of your own disk filename):

vmware-mount.pl -p WinXP_Pro_SP2.vmdk

This should like the available partitions inside the virtual disk:

--------------------------------------------
VMware for Linux - Virtual Hard Disk Mounter
Version: 1.0 build-44356
Copyright 1998 VMware, Inc. All rights reserved. -- VMware Confidential
--------------------------------------------

Nr      Start       Size Type Id Sytem
-- ---------- ---------- ---- -- ------------------------
 1         63   12562767 BIOS  7 HPFS/NTFS

In this case, I have a single NTFS partition, labeled as partition 1. Next, we'll try mounting the partition. These commands must be run as root:

mkdir mount_test
vmware-mount.pl WinXP_Pro_SP2.vmdk 1 -o ro mount_test

These commands will create a temporary directory for testing, then mount the first partition of my VMDK file in read-only mode. You will likely be given a warning about using this program with 2.4+ kernels. In my experience it is safe to ignore this warning, so enter Y to continue. You may also be given a warning about loading the Network Block Device driver; again, enter Y to continue. If successful, switch to another console, switch to root again, and change to the mount_test/ directory. You should see a list of files and directories from the guest OS. Switch back to the first console and enter Control-C to unmount the disk.

Assuming all went well, you can now copy files to/from your virtual disk (remove the read-only switch in the above code to write to the disk). However, mounting the disk from the command line and performing all copy operations as root is not very convenient, so let's setup a method to automatically mount the disk using your standard user account. The next part of this tip utilizes techniques from my Adding Custom Actions to KDE Context Menus article, and will only work for KDE users.

To begin, we need to make KDE recognize the VMDK format by creating a file association. Within Konqueror, select Settings, Configure Konqueror.... Select the File Associations tab, then click Add... under the Known Types pane. Select application as the Group, enter the name x-vmdk, and click OK. Click Add.. in the Filename Patterns pane, enter *.vmdk, and click OK. Add another pattern for *.VMDK so KDE will recognize both cases. Enter a description, such as VMware disk image, then click OK to close the settings window.

Next, we need to tell KDE what to do with these files. Following the directions in the Adding Custom Actions to KDE Context Menus article, create the following servicemenu file:

vmdk.desktop
[Desktop Entry]
ServiceTypes=application/x-vmdk
Actions=mountvmdk

[Desktop Action mountvmdk]
Name=Mount VMDK
Exec=launch.sh %d mountvmdk.sh \"%f\"
Icon=binary

As you can see by the Exec line, this requires two "support" scripts, launch.sh and mountvmdk.sh. launch.sh can be found on the Adding Custom Actions to KDE Context Menus article page, and mountvmdk.sh, which is based on my mountiso.sh script from the same page, can be download here: mountvmdk.sh script. Both of these scripts must be made executable and placed in a directory in your user's path (eg, ~/bin/ or /usr/local/bin/).

The following command from mountvmdk.sh does the magic:

echo 'y' | sudo vmware-mount.pl $1 1 -o ro,uid=`id -u` $DIR

echo 'y' will automatically answer the question about using a 2.4+ kernel. sudo instruct the system to run the command as root (more on that later). The 1 instructs the command to mount the first partition. This shouldn't be an issue in most cases as there really isn't much of a need to create multiple partitions on a VMware disk, but keep it in mind in case you do need to work with multiple partitions. Moving along, the '-o ro' option will mount the disk in read-only mode. I'm doing this purely for safety reasons (this is a new process for me), and it should not be needed. Finally, the uid=`uid -u` option is important. This instructs the mount command to mount the disk under your regular user's name rather than as root. The id -u command will print out your uid (User ID) and pass it to the sudo mount command. Without this, you would be unable to view the files as a non-root user.

Finally, we need to tell Linux that it's ok to do this as a regular user. This is done using the sudo command. Make sure that sudo is installed on your system, then run visudo to edit the sudoers file. Explanation of the file format is way beyond the scope of this article (this simple Google search should provide plenty of examples), but you'll need to give your regular user account permission to run the vmware-mount.pl command. Additionally, if you chose to compile either the loopback network block device drivers as modules you'll need to have permission to run the modprobe command as well. Make sure that this access is only given to trusted accounts, as it can definitely be a security risk

That should do it. Save all of the files, restart Konqueror, and then right-click on a vmdk file. Select Actions, Mount VMDK from the context menu. You should now have the contents of the vmdk file accessible in a subdirectory matching the name of the original file. When finished, simply enter Ctrl-C in the xterm window to unmount the disk image and remove the temporary directory.

Much easier. :-)

Airline Security

Submitted by jbreland on Fri, 07/27/2007 - 13:45

I usually refrain from posting about such stuff on my site, mostly because I tend to work myself up into a rant and I just don't have the time and energy to deal with that these days, but this was a really good read. While responding to a question about a certain aspect of airline security, a pilot provided his thoughts on the industry as a whole. This is a very insightful point of view, and covers a lot of what's just plain wrong with the state of affairs today.

I highly encourage anyone interested in this sort of stuff (and if you ever have reason to fly on a plane, you should be interested) to read the full article. It only takes a few minutes.
http://hotair.com/archives/2007/07/16/a-pilot-on-airline-security/

(as found on Bruce Schneier's blog)

A Behind-the-Scenes Look at How DRM Becomes Law

Submitted by jbreland on Fri, 07/13/2007 - 09:42

This is just a quick post about an article I recently read. Cory Doctorow (of Boing Boing, among others) has written a pretty insightful article for Information Week on "...the back room dealing that allowed entertainment companies and electronics companies to craft public policy on digital rights management." It manages to be insightful, disturbing, and disgusting all at the same time, and is worth a read if you're interested in how DRM comes to be.

Here's a small excerpt from the article:

Then the MPAA dropped the other shoe: the sole criterion for inclusion on the list would be the approval of one of its member-companies, or a quorum of broadcasters. In other words, the Broadcast Flag wouldn't be an "objective standard," describing the technical means by which video would be locked away -- it would be purely subjective, up to the whim of the studios. You could have the best product in the world, and they wouldn't approve it if your business-development guys hadn't bought enough drinks for their business-development guys at a CES party.

You can read the full article here:
http://www.informationweek.com/news/showArticle.jhtml?articleID=201000854

or, you can find the much friendlier single-page version here:
http://informationweek.com/shared/printableArticle.jhtml?articleID=201000854

Which file types are actually executed during extraction by Universal Extractor?

Submitted by jbreland on Sun, 07/01/2007 - 14:49

JST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using a extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there also cases where some files simply must be executed in order to extract the contents.

JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documented this, but I've finally done so. You can read the full list in this forum thread:

Are any files executed during extraction?

This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.

Windows Vista Security Considerations for Developers

Submitted by jbreland on Fri, 06/22/2007 - 10:52

I'm sure that everyone reading this site is aware of the fact that Windows Vista has made some rather drastic changes to the underlying OS in the name of security. Some of these are good and overdue changes; some, however, are freakin' brain dead (you can see my last post for a very brief summary of my feelings about Vista from a user's perspective). Regardless of my personal feelings, the fact is Vista is here and it's install base is only going to grow as people purchase new PCs. Given that I maintain a few applications for Windows, I have to take Vista into consideration and make sure that my apps continue to play nicely on Microsoft's current and future operation systems.

Unfortunately, I'm rather late to this party. Until just recently I have had no direct exposure with Vista; I even managed to go through the entire alpha, beta, and release candidate stages of Vista without seeing a Vista system a single time. Needless to say, once it was released I began receiving notices that Universal Extractor has Vista compatibility issues. I'm sure AutoFLAC does as well, but I guess those users are a bit less demanding. :-) (I say that in jest, of course - the UniExtract community over on the MSFN forum has been fantastic!)

The good news is that I finally do have access to a Vista system. I can't stand using it (again, see my last post if you want to know how I really feel about it), but it can at least serve as a test box for UniExtract and AutoFLAC. The next couple revisions of each will focus on Vista compatibility, and in anticipation of this I've begun doing some research into the Vista changes that most affect applications and installers. I'm post some of the more useful links I've found both for my own reference and for anyone else that may benefit from this information.

New ACLs Improve Security in Windows Vista - detailed article about many of the changes to user and administrator privileges, file system and registry permissions, etc.; very informative, though highly technical

File and Registry Virtualization – the good, the bad, and the ugly - discussion about the compatibility features provided by Vista to allow older "non-compliant" applications to install and function properly

Vista considerations - small write-up on the Inno Setup Knowledge Base discussing Inno-specific considerations

Vista FAQ and INNO Vista and XP questions - two Inno Setup newsgroup discussion threads concerning Vista compatibility

I know there's a lot more information out there, and I'll probably update this post as I come across it, but this will get me started. Do you know of any other good resources? Please post a comment!